Potential Arbitrary Code Execution Vulnerability in Linux Kernel's devicemem_server.c
CVE-2024-34725
7 HIGH
Summary
A race condition in the 'DevmemIntUnexportCtx' function of 'devicemem_server.c' in the Android operating system creates a potential for arbitrary code execution. The flaw permits attackers to escalate privileges within the kernel without needing additional execution rights. User interaction is not required for exploitation, which increases the potential impact on device security. Addressing this issue is vital for maintaining the integrity and safety of Android devices across various versions.
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Collectors
NVD Database